DataArt

DataArt Securuty Services for AWS

Our Service is for helping the Client set up and maintain cloud software or hosting services, and it includes: cloud migration planning, set up and migration, security services, quality assurance and performance testing, training, and ongoing support.

Features

• hundreds of certified cloud experts and active partnerships with AWS
• review of cloud environments
• cloud security consulting expertise
• full coverage of systems and infrastructure
• early detection of security vulnerabilities
• staff security training and awareness programmes
• ensuring compliance with ISO 27001, PCI DSS, and GDPR standards
• making sure that security protocols are in place
• guidelines for incident management
• social engineering test, secure code review

Benefits

• helps with a full spectrum of cloud security services
• ensures risks are identified, managed, and reduced
• ensures full coverage of systems, infrastructure and business processes
• ensures that all the critical information is protected
• ensures client's employees follow all security best practices
• helps saving money and reputation by early detection of vulnerabilities
• Minimizes hackers’ chances to penetrate applications and network
• ensures compliance with worldwide requirements and avoidance of penalties
• helps improving the company’s security environment
• minimizes damage after security incidents

£480 to £2,520 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dos.uk@dataart.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

398203649649647

Contact

Inna Pisanova
+4402070999464
dos.uk@dataart.com

Planning

• Planning service: Yes
• How the planning service works: At this stage, we assess the cloud gap and provide recommendations of the right cloud service. Our architects use best practices recommended by clouds. As a partner of 3 main cloud providers, we use guidance for each cloud. For identifying gaps, we use Cloud Adoption and Well Architected Review. Our Architects and DevOps are certified by main cloud providers.; Our solution architects identify the cloud architecture to deliver the cloud strategy. We conduct interviews with stakeholders to identify requirements, drivers to migration, success metrics, and limitations. We do the infrastructure assessment to define the current state of the architecture. The target state is then designed by the architects who have multi-cloud experience and can recommend the choice of the cloud.; Then we develop cloud roadmaps. Road mapping starts from cloud readiness and existing infrastructure assessment. Based on this assessment, we produce a roadmap with the main stakeholders according to cloud adoption frameworks. It covers different layers of business: HR, Finances, IT, Platform, Operations, Security, etc., and suggests actions and improvements for successful cloud adoptions. We convert the infrastructure assessment into a migration portfolio to define workloads, waves for migrations, a migration strategy for each workload, and timelines for migration waves.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with:
  • Amazon Web Service
  • Microsoft Azure
  • Google Cloud Platform

Training

• Training service provided: Yes
• How the training service works: We provide training services to ensure that knowledge and expertise are retained when moving to the implementation of the solution. This may include but not limited to: how to use the services provided at basic through to super user levels; basic and advanced troubleshooting skills to identify problems and the necessary remedial actions; optimisation of service functionality through knowledge/skills transfer. ; ; It consists of several parts. As part of cloud strategy, we help the clients create a strategic educational path for employees to upskill them with cloud services. We always involve the client’s representatives in the processes so they could learn more about the cloud and the solution in the cloud. We create playbooks to help customer’s team with problem identification, troubleshooting and remediation. We propose ‘lunch & learn’ sessions to our clients to share our expertise. We also perform series of knowledge transfer workshops for this purpose.
• Training is tied to specific services: Yes
• Services the training service works with:
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: During this phase, we audit/organise customer data/info, provide recommendations for data/info structures for the future service, develop communication plans for staff engagement, ensure management and governance of migration plans, optimise customer requirements and migrated services, work with service providers to ensure successful migration. ; ; Our architects and data engineers propose designs for the system, and data pipelines. If data restructuring is required, we include this in the solution. We create internal and external communication plans at the stage of building a proposal. Before starting the migration, we help our clients establish Cloud Center of Excellence that enables communication between stakeholders. ; ; The CCoE enables proper governance and planning of all migration waves and migration projects, and DataArt organizes the engagement. We create account management team that aligns migration plans between different teams. ; ; Successful and secure migration is a focus for our cloud certified specialists during migration. We apply well architected techniques; processes recommended by cloud providers and use reference architectures of cloud providers to be sure the migration is executed securely according to their best practices. As cloud partners, we have access to their dedicated partnership architects and managers who help us, and our clients validate our architecture and migration plans.
• Setup or migration service is for specific cloud services: Yes
• List of supported services:
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Migration validation and testing are always part of a migration wave plan. Depending on a client’s technologies and specific requirements, test plans are created by QA engineers. When test automation is required, then QAA engineers are engaged. ; ; We have a dedicated team of performance testing engineers who decide what kind of performance testing is required, automate them and run. They also help to assess architecture, find bottlenecks, and help the development team with performance issues. They can do any kind of Load Testing, Stress Testing, Volume Testing, Soak Testing, Scalability Testing and Capacity Planning. ; ; Testing and validation plans are always implemented during migration. We recommend validation automation, especially in migration with zero-downtime or when downtime is very unlikely. Our QA engineers can implement validation and testing for projects of all scales. ; ; System infrastructure performance is validated by performance tests. We often practice ‘Chaos Engineering’ approach to test resilience of the infrastructure and behavior of the system. ; ; Operation excellence is part of a target architecture when we design it. Automated operations are what we do for our clients. For the unautomated part of the operations, we create playbooks, do knowledge transfer, and appropriate handover.

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
• Certified security testers: Yes
• Security testing certifications:
  • CREST
  • Other
• Other security testing certifications:
  • OSCP
  • OSWE
  • EWPTXv2
  • ECPTXv2
  • EMAPT
  • CRTO
  • CRTE
  • BSCP

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Buyer hosting or software
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: We consider no-downtime to be the most major performance indicator of the support service. Unlike many vendors promising quick resolution of issues that arise, we focus on preventing situations that cause downtime. In this paradigm, incidents are considered as exceptions, and we take all measures to resolve them at top speed, ideally before end users notice anything. Our service proposition is structured around either a dedicated or shared team of experienced engineers working on a 24x7 basis, including weekends and public holidays. We also assume to utilize our DevOps expertise to make our team perform as efficiently as it could. This approach allows us to make our proposition cost-efficient without sacrificing performance. ; ; With that in mind, we invest in well-educated, smart and experienced professionals, preferring quality over quantity. Having stable and reliable infrastructure combined with modern DevOps tools and practices substantially reduces the need for the out-of-hours urgent work; simple tasks can be handled automatically or by the personnel with more generic knowledge of the system.

Service scope

• Service constraints: Our cloud support services have no constraints other than we propose our services for specific clouds such as Amazon Web Services, Microsoft Azure and Google Cloud Platform.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response time is the same for weekends as for workdays:; 30 (thirty) minutes for Critical issues,; 1 (one) hour for High priority issues,; 4 (four) hours for Medium priority issues during normal business hours,; 12 (twelve) hours for Low priority issues during normal business hours,
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Support levels: We propose three levels of support to our clients. ; L1 – a dedicated support team working 24x7 for a client at a fixed monthly fee of GBP 25,000/month;; ; L2 – a shared team working 24x7, 80 hours a month at a fixed monthly fee of GBP 8,000/month plus enrollment fee of GBP 8,000/month, extra hours are billed at the rate of GBP120 per hour. There is no enrollment fee in the projects with the term over 1 year;; ; L3 – a dedicated DevOps team (scalable depending on the project) working 9 to 5, Mon to Fri, on duty fee is paid at workday rate of GBP40 per person per day, and weekend or public holiday rate of GBP70.; ; 24x7 technical support team is available 24x7, including weekends and public holidays. ; ; Response time:; • Critical priority - 30 (thirty) minutes, ; • High priority - 1 (one) hour, ; • Medium priority - 4 (four) hours during business hours, ; • Low priority - 12 (twelve) hours during business hours ; ; Team Lead and Technical Lead/Account Manager are part of the ongoing support service.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type II

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As socially responsible individuals, we acknowledge that human activity is transforming the world. DataArt recognizes the stark reality of man-made climate change and its considerable threat to the planet. We assume responsibility for our impact on the climate, waste, energy, water, and other natural resources, implementing technically feasible and cost-effective measures to improve our resource efficiency. ; ; Carbon Footprint: DataArt is mindful of the carbon footprint we leave behind, and we continually strive to enhance our office operations' sustainability. ; ; Recycling: DataArt is committed to adopting waste separation practices, increasing the proportion of recyclable equipment, and adhering to the recycling requirements for waste products like batteries, and electrical and electronic equipment. ; ; Green Energy: DataArt is dedicated to supporting facilities for environmentally-friendly personal transport and enforcing a local travel policy favoring trains over planes. We are committed to calculating and improving the climate impact of all our business trips. ; ; Local Procurement: DataArt is committed to adopting the “buy local” principle for certain goods and materials to reduce the environmental impact resulting from the transportation of goods and materials within DataArt’s supply chain.

  Covid-19 recovery

  Main vector of recovery activities was directed at internal communications and support of our colleagues and their families. Emergency Response Team (ERT) was created in 2020 due to COVID-19 issue and dealt with monitoring of health of our colleagues; informational and organizational support for vaccinations, notifications to colleagues on changes in the working process, responding to all inquiries (colleagues could reach out to ERT at any time with any question), managing other force majeure corporate actions. ; ; The Emergency Response Team (ERT) is comprised of representatives from all corporate functions and primary locations. ; ; Despite the economic hardships of the COVID-19 pandemic, when many businesses were laying off staff, we managed to retain all our staff, maintaining total compensation and benefits packages. ; ; As the COVID-19 pandemic has increased reliance on mobile devices for accessing our EDU portal, we've enhanced its adaptive design, introduced personalized course recommendations, and added feedback fields and a new analytics tool. In response to the shift to a 100% work-from-home model, we've improved courses on compliance and security, updated onboarding courses, and added gamification elements to mandatory courses.

  Tackling economic inequality

  On our way to becoming an international company, we’ve learned how important it is to understand the problems of local communities. We are determined to help our colleagues trying to improve life in the regions by leveraging DataArt’s global IT expertise. ; ; We realize that war in the XXI century remains a major threat, and several of our locations, such as Ukraine and Armenia, are finding themselves in an active armed conflict. Our management and employees are committed to helping these societies in their efforts to overcome the destructive consequences of modern-day armed conflicts through such initiatives as Support Ukraine. ; ; We are a community of highly educated individuals in science, technology, engineering, and math. We are uniquely positioned to share our knowledge and experience with other people around the world and promote free mechanisms for self-education.

  Equal opportunity

  As a multinational company, DataArt is committed to promoting equality, diversity, and inclusion. We firmly believe that this commitment helps us to better serve a diverse range of customers, retain motivated and content staff, and prevent issues such as bullying, harassment, and discrimination. We encourage equality, diversity, and inclusion at all levels. We ensure that all recruiters and interviewers follow our non-discrimination and equal opportunity policies, which apply to newcomers and existing colleagues taking on new roles. Our grades system, with a specified skill set and salary level for each grade, allows for unbiased assessment and avoids pay discrepancies. ; ; DataArt promotes gender diversity, closely collaborating with various "Women in IT" initiatives and sponsoring events to attract female IT specialists. Our partners include "Women TechMakers," "Python Community for Women," "Toastmasters International," and "Geek Girls Carrots." ; ; We promote equal opportunities and diversity in employment. All job applicants receive equal treatment regardless of age, disability, gender, marital or civil partner status, pregnancy or maternity, race, color, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. ; ; We closely monitor potential gender inequality risks at DataArt, aiming to prevent practices such as unequal pay, limited opportunities for advancement, hostile work environments, and lack of representation. ; ; We are committed to creating a workplace that is free of harassment and discrimination, where co-workers, candidates, and other stakeholders are respected. We aim to provide an environment that encourages good performance and conduct at all our working locations, always.

  Wellbeing

  We employ a systemic approach to organizing work, human resource management, and staff wellbeing within the company. ; ; We maintain high standards for ethics, personal and professional behavior based on the company’s values. These standards ensure comfortable and productive working relationships among DataArt employees. ; ; We unwaveringly adhere to local and international anti-slavery, human trafficking, and child labor laws, following all applicable international guidelines and national labor legislative requirements. Policy UN Goals: ; ; Goal 5: Gender equality; ; ; Goal 8: Decent work and economic growth. ; ; We have established and maintain high standards for the office environment in terms of comfort and safety. We understand how important it is for our offices and IT infrastructure to be comfortable for people with special needs; we consider this when opening new locations and designing internal systems. ; ; The Corporate Business Continuity and Disaster Recovery program prioritizes staff well-being and safety. We provide extensive medical insurance and have mental help programs. We consistently invest in employees' professional development and have a state-of-the-art education approach coordinated by a cross-functional group at the corporate level. This activity includes, but is not limited to, an internal EDU platform, language courses, professional development programs, and certifications. ; ; We recognize the importance of public health and wellbeing. We contribute through health and safety initiatives, anti-epidemic measures, conducting public awareness seminars, and supporting local industry sports events.

Pricing

• Price: £480 to £2,520 a unit a day
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dos.uk@dataart.com. Tell them what format you need. It will help if you say what assistive technology you use.